This posting is what it is. Look for something wrong and you will always find it. What should they have done? Given the company a month? Six months? A year? No matter what the timeframe, someone will find something wrong with it.
Big problems require big solutions, true. Those big problems are usually self-induced. I have zero sympathy, especially in this day and age, for issues like this that could have been averted if they had contracted with real, yes *real*, experts to evaluate the security of their system. How is it that an unpaid, curious individual, without the benefit of the code or system design, found this and the hired experts did not?
Review:
- Protection: 3-byte code (3 characters)
- Same code used on all cards; hack one and you have them all.
- No data verification
I would hope that even to a layman this looks like a very, very, very, very *bad* idea.
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/150/666#666